White House Urged To Address Surge in Ransomware Attacks (bloomberg.com)
Cybersecurity experts, law enforcement agencies and governments urged the White House to root out safe havens for criminals engaging in ransomware and step up regulation of cryptocurrencies, the lifeblood of hackers, in the hopes of controlling a growing wave of attacks. From a report: These are two of 48 recommendations made by a task force in a report Thursday to the Biden administration aimed at fighting the continuing ransomware episodes that plague major corporations, local governments and health-care providers across the world. The task force, organized by the Institute for Security and Technology, said the cyber-attacks have become a $350 million criminal industry -- a four-fold increase from the previous year. Last week, the U.S. Justice Department created its own, independent ransomware task force, signaling growing awareness inside the U.S. government of the now decade-old threat. Ransomware is a type of malicious code that typically encrypts a victim's data or network of computers. The hackers then demand a ransom to decrypt the information. More recently, ransomware gangs have also stolen data and threatened to make it public unless the victim pays a fee.
Re: (Score:3)
Please read Article Five.
The Congress, whenever two thirds of both houses shall deem it necessary, shall propose amendments to this Constitution, or, on the application of the legislatures of two thirds of the several states, shall call a convention for proposing amendments, which, in either case, shall be valid to all intents and purposes, as part of this Constitution, when ratified by the legislatures of three fourths of the several states, or by conventions in three fourths thereof, as the one or the
Re: (Score:2)
Nobody currently has a pro-gun argument that is better than the fact they are fun to shoot and customize. Home invasion? Baseball bat/quarterstaff. Hunting? Bows, crossbows, and spears. Because other people have guns? Get rid of all the guns and you wouldn't have to worry about this.
Re: (Score:3)
Oh, I didn't say it would happen, just needs to. I know my own state wouldn't back. It is filled with people proud to be stupid and old people that should've died already.
No, it doesn't need to happen and the fact that you are chiming in with saying "people need to die" proves to me that you are one sick fuck. Please don't comment on anything I post any more.
Here are a couple of pro-gun arguments that are all you need to know. History says otherwise and protection during home invasion. There you go, those are the best reasons for the 2nd amendment and trump any argument anyone has to get rid of it.
Re: (Score:2)
I am not betting on winning against the US Military in a shootout when they have a clear goal in mind. They have a lot more than just guns.
Re: (Score:3)
I learned from your history that you are a sick fuck. Here is an idea for you. Take advantage of the greatest right all U.S. Citizens have and leave. There are plenty of countries out there that would fit your sick thoughts. Anyone who thinks people should die to make the world a better place; there are better places in the world for you.
Re: (Score:1)
I think they know very well what they are doing. Mainly, business for their buddies in the private sector. AKA "campaign donors".
Never mind that people actually *died* for this shit. The US has been spending something like 4 Bln per week over there since 9/11, meanwhile we can't even take care of our own, how come you never hear the "small government" types screaming about that?
Easy fix (Score:5, Insightful)
Make it illegal to pay the ransom. Watch how fast it stops. Even if the ransom is paid, there's zero guarantee that it won't get leaked anyways. Should have secured your data better.
Re: (Score:1)
I thought it was already illegal? But most of these ransomware gangs operate from Russia or other untouchable countries so how can you stop them?
Re: (Score:1)
Told you motherfuckers, https://krebsonsecurity.com/20... [krebsonsecurity.com]
Re: Easy fix (Score:2)
Strictly speaking it's not illegal, it really depends on who the money goes to. The act of paying the ransom is never illegal, rather it's the fact that you paid money to somebody who is on a government shitlist, no matter what the reason.
Re: (Score:3)
Not only is it not illegal, but for companies that get insurance coverage to help pay costs to recover from cybersecurity incidents (the labor and materials to recover are expensive even if you have backups), it seems the insurance companies will often set the reimbursement amount as the lesser of costs of the ransom and the estimated cost of rebuilding from backups... In other words, if these businesses could recover their data by restoring from backups - it is possible that the insurance company w
Re: (Score:3)
It's only illegal if you are sending money to a group there are sanctions against. I forget the exact law, "aiding America's enemies act" or something along those lines.
Basically if the perps are not already on some state department naughty list you can pay - but there are also other rules now against the FBI helping facilitate payment. So if you decide to pay you are really on your own.
Then there is the public perception of it all. So what a lot of companies do is hire these 'recovery firms' to get the datab
Re:Easy fix (Score:5, Funny)
Re: (Score:2)
Your sig is referring to "Rajnikanth"? But I still don't get the output redirection?
Re: (Score:2)
In that case, I suggest the sig could be clarified as:
sed -e 's/Chuck Norris/Rajnikanth/g' joke => fact
But you must be a fan. I'd never heard of him before.
Force software companies to secure their software (Score:4, Interesting)
Re: Force software companies to secure their softw (Score:2)
Android phones get granular updates that go on for years. The Play Store pushes updates regularly for critical components of the Android system. It is not an all-in-one major feature update like Apple pushes to the handful of hardware combinations they will support.
Re: (Score:2, Funny)
“Look, having nuclear—my uncle was a great professor
and scientist and engineer, Dr. John Trump at MIT; good
genes, very good genes, OK, very smart, the Wharton
School of Finance, very good, very smart —you know, if
you’re a conservative Republican, if I were a liberal, if,
like, OK, if I ran as a liberal Democrat, they would say I’m
one of the smartest people anywhere in the world—it’s
true!—but when you’re a conservative Republican they
try—oh, do they d
Ban cryptocurrency (Score:1)
Sanction all financial services which deal with cryptocurrency world wide. The US can do it for Iran, they can do it for cryptocurrency exchanges.
Problem solved.
cryptocurrency exchanges must hold funds like an b (Score:2)
cryptocurrency exchanges must hold funds like a bank and follow banking laws.
Re: (Score:1)
the st
Can't fix stupid (Score:2)
You want govt to help? (Score:3)
Now we got what we wanted. Government small enough to hide in a bathtub when the pandemic rages on. Government has to print trillions of dollars and give them to the very private companies that refused to pay their share of the taxes or shoulder their share of the burden of governing. We have no power to enforce even the basic laws. Even the minimal taxes are being evaded rampantly and flagrantly and government can't even enforce that.
Now you are urging the White House? Who are you people? Did you speak out when the government was being cut to the bone and beyond? Were you silent then? Shut up now.
If you were silent or agreed with "The most dangerous words in USA are I am from the government and I am here to help", you have no right to complain. You are the reason why Govt can't do anything.
Re: (Score:2)
Well, if we could get a $10 cut in spending in exchange for a $1 increase in taxes, I think pretty much everyone would be in favour.
Alas, what we usually get is a $1 increase in taxes, and a $10 increase in spending to make up for it....
Re: (Score:2)
I could still demand they repeal bad laws like the DMCA that stifle research into cryptography. Oh Snap! Too much government money CAN do really bad things to the world!
Re: (Score:2)
All these years we decired government is the beast. "Starve The Beast! Starve The Beast!!" was the resounding cry....
Government is still the beast, BUT Enforcement of our Laws to protect the public safety and property owners against evil actors are literally the primary job of government that is supposed to take priority over everything else - If they are spending bucks on secondary things, they'd better be doing their primary job first -- the prominence and existence of ransomware gangs represents an utte
Re: (Score:3)
Dude your entire post has FUCK all to do with anything here. One of the few things the starve the beast crowd generally supports the government doing is law enforcement.
Last I checked ransomware gangs are not 'big corporations' in the sense you are ranting about.
So here is a wild thought - rather than raise taxes let's divert some of the money we apparently have to pass out to people to not work due to covid and instead use it to have the FBI/CIA/Armed Forces go crack skulls of the people running these ransomware a
Computers are a passing fad (Score:3)
LOL! (Score:4, Insightful)
As everyone knows, a proper backup system will thwart a ransomware attack. What all these people are demanding is a justification for not having a proper backup system in place. Alternatively, they are demanding software be perfect while being unwilling to pay for or migrate to perfect software.
Any way you slice it, they are all demanding they not be held accountable for their own negligent management.
Re:LOL! (Score:4, Interesting)
Re: (Score:3)
I have no sympathy for a business that loses data because they didn't have a proper backup system in place. Having a system in place, having it tested, and having a working restore procedure is all a part of doing business today. Not having this is just sloppy and lazy.
No sympathy
Re:LOL! (Score:4, Insightful)
Re: (Score:2)
As everyone knows, a proper backup system will thwart a ransomware attack.
Nope.. many of the gangs have upped the ante, just look at what is happening to the DC Police right now. It's no longer give us money and we might help you unlock your files - it's now give us money or else we publish your files. Your backups won't help you there.
You need strong egress and data leak protection controls, or keep the ransomware out in the first place with strong IPS controls, or to keep it from executing with strong host intrusion controls AND user training. Realistically you need to be all o
Re: (Score:2)
Simplest solution: If releasing the file will put someone's life at risk, don't have it on a system that can connect to the internet.
Re: (Score:2)
That might be reasonable.
What about when
a person's identity might be at risk
a person's reputation might be at risk
regulatory rules like HIPAA/FERPA might apply
a trade secret might be at risk
internal market analysis / forecasting data
Where do you draw these lines for information air gapping?
Real simple to fix (Score:2)
If a company (or Gov org) system is broken into, the Feds tax them 40% of total revenue (budget) for 2 years or until fixed, whichever is longer, no appeals. If your server is on the "Cloud", the Cloud Provider will also be taxed 15% of total revenue for 4 years.
This tax will be put into a fund to protect people whose personal info was stolen. Similar to the "hazardous waste" fund is *supposed* to work, but make this new tax work.
With this, you can be sure these companies will set up servers and desktops t
Only idiots... (Score:2)
...pay the ransom.
Smart folks have the means in place to rollback changes to their infrastructure in just a few hours.
Slightly less smart folks need days to restore from backup, but still have no reason to pay the ransom.
IMO if you're stupid enough to not have good offsite backups, frequent snapshots, or a DR site with snapshots that you can quickly fail over to you should suffer the consequences.
Re: (Score:1)
“Look, having nuclear—my uncle was a great professor and scientist and engineer, Dr. John Trump at MIT; good genes, very good genes, OK, very smart, the Wharton School of Finance, very good, very smart —you know, if you’re a conservative Republican, if I were a liberal, if, like, OK, if I ran as a liberal Democrat, they would say I’m one of the smartest people anywhere in the world—it’s true!—but when you’re a conservative Republican they try—oh, do they do a number—that’s why I always start off: Went to Wharton, was a good student, went there, went there, did this, built a fortune—you know I have to give my like credentials all the time, because we’re a little disadvantaged—but you look at the nuclear deal, the thing that really bothers me—it would have been so easy, and it’s not as important as these lives are (nuclear is powerful; my uncle explained that to me many, many years ago, the power and that was 35 years ago; he would explain the power of what’s going to happen and he was right—who would have thought?), but when you look at what’s going on with the four prisoners—now it used to be three, now it’s four—but when it was three and even now, I would have said it’s all in the messenger; fellas, and it is fellas because, you know, they don’t, they haven’t figured that the women are smarter right now than the men, so, you know, it’s gonna take them about another 150 years—but the Persians are great negotiators, the Iranians are great negotiators, so, and they, they just killed, they just killed us.”
The solution being to not use MICROS~1.. (Score:1)
Use the Afghan money (Score:2)
With all the money we're going to be saving* by pulling out of Afghanistan, that money could be used to set up super secret hunter killer teams. They would be tasked with hunting down and eliminating those who perpetrate ransomware attacks.
* By saving money I mean no longer propping up all those contract companies who live off the taxpayer dole such as the firm formerly known as Blackwater (now XE) or Halliburton or Raytheon.
Do government mandates even work? (Score:3)
Before we implement more requirements, prove that NIST 800-171 works. Prove that DFARS requirements work. Prove that CMMC requirements work. The bar is already pretty tall to do business with the government. The costs for compliance are high. It's not clear that the processes actually work to prevent problems - I mean the SolarWinds hack bypassed most of those requirements. Let's make sure we are doing something effective and not just 'doing something'.
Step 1 (Score:2)
Step 1 -- Governments publish lists of seized wallets associated with crimes.
Step 2 -- Recursively add contaminated wallets to lists of seized wallets
Step 3 -- Seize wallets of contaminated major exchanges
Exchanges that survive this process, if any, will start to be more careful about who they do business with. Monero, being much more difficult to trace contamination, will become exclusively used by criminals and will be radioactive because of its untraceability at legitimate exchanges.
It is illeg